CVE-2020-7106
published 2020-01-16CVE-2020-7106: Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cacti | cacti | < 1.2.9 | 1.2.9 |
| cacti | cacti | >= 0 < 1.2.9+ds1-1 | 1.2.9+ds1-1 |
| cacti | cacti | >= 0 < 1.2.9+ds1-1 | 1.2.9+ds1-1 |
| cacti | cacti | >= 0 < 1.2.9+ds1-1 | 1.2.9+ds1-1 |
| cacti | cacti | >= 0 < 1.2.9+ds1-1 | 1.2.9+ds1-1 |
| debian | cacti | < cacti 1.2.9+ds1-1 (bookworm) | cacti 1.2.9+ds1-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | extra_packages_for_enterprise_linux | — | — |
| fedoraproject | extra_packages_for_enterprise_linux | — | — |
| fedoraproject | extra_packages_for_enterprise_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM